Finalize import paths and documentationv0.1.0 0.1.0

This commit changes all the internal import paths from `fscrypt/foo` to `github.com/google/fscrypt/foo` so that it can be built once we release externaly. The documentation in README.md is updated accordingly. Also, the README has a note noting that we do not make any guarantees about project stability before 1.0 (when it ships with Ubuntu). Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280
author: Joe Richey joerichey@google.com <joerichey@google.com> 2017-06-28 13:57:55 -0700
committer: Joe Richey joerichey@google.com <joerichey@google.com> 2017-06-28 15:15:21 -0700
commit: 2c52eca8727df744d093703bbcbd87fc39d57d30 (patch)
tree: ce733819f34baacbb67d5dabb5baaa01c6888e9d
parent: abdd12ff9efa98af245b91517398ad84b42fd90e (diff)
29 files changed, 139 insertions, 131 deletions
diff --git a/Makefile b/Makefile
index 09d5558..dc24e67 100644
--- a/Makefile
+++ b/Makefile
@@ -25,7 +25,7 @@ VERSION = 0.1.0
 BUILD_TIME = $(shell date)
 
 CFLAGS += -O2 -Wall
-CMD_DIR = $(NAME)/cmd/$(NAME)
+CMD_DIR = github.com/google/$(NAME)/cmd/$(NAME)
 
 # The code below lets the caller of the makefile change the build flags for
 # fscrypt in a familiar manner. For example, to force the program to statically
@@ -75,7 +75,7 @@ format:
 	@find . -name "*.h" -o -name "*.c" -not -path "./vendor/*" | xargs clang-format -i -style=Google
 
 install:
-	go install $(CMD_DIR)
+	go install $(GOFLAGS) $(CMD_DIR)
 
 install_all:
 	govendor install $(GOFLAGS) +local
diff --git a/README.md b/README.md
index 24f603e..615e19d 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ fscrypt is a high-level tool [written in Go](https://golang.org) for the
 management of [Linux filesystem encryption](https://lwn.net/Articles/639427).
 This tool manages metadata, key generation, key wrapping, PAM integration, and
 provides a uniform interface for creating and modifying encrypted directories.
-For a small low-level tool that directly manipulates keys and policies, see
+For a small low-level tool that directly sets policies, see
 [fscryptctl](https://github.com/google/fscryptctl).
 
 To use fscrypt, you must have a filesystem with encryption enabled and a
@@ -36,7 +36,7 @@ filesystem metadata) is encrypted with this single key when using dm-crypt,
 while fscrypt only encrypts the filenames and file contents in a specified
 directory. Note that using both dm-crypt and fscrypt simultaneously will give
 the protections and benefits of both; however, this may cause a decrease in
-your performance, as files contents are encrypted twice.
+your performance, as file contents are encrypted twice.
 
 Once example of a reasonable setup could involve using dm-crypt with a TPM or
 Secure boot key, while using fscrypt for the contents of a home directory. This
@@ -45,7 +45,7 @@ user's personal documents to their passphrase.
 
 On the other hand, eCryptfs is another form of filesystem encryption on Linux;
 it encrypts a filesystem directory with some key or passphrase. eCryptfs sits on
-top of an existing filesystem. This make eCryptfs an alternative choice if your
+top of an existing filesystem. This makes eCryptfs an alternative choice if your
 filesystem or kernel does not support native filesystem encryption.
 
 Also note that fscrypt does not support or setup either eCryptfs or dm-crypt.
@@ -63,7 +63,7 @@ should be read to understand the full architecture of fscrypt.
 
 Briefly, fscrypt deals with protectors and policies. Protectors represent some
 secret or information used to protect the confidentiality of your data. The
-three currently supported protectors types are:
+three currently supported protector types are:
 1. Your login passphrase, through
     [PAM](http://www.linux-pam.org/Linux-PAM-html/) (see troubleshooting below)
 2. A custom passphrase
@@ -93,39 +93,25 @@ The following functionality is planned:
 *   `fscrypt backup` - Manages backups of the fscrypt metadata
 *   `fscrypt recovery` - Manages recovery keys for directories
 *   `fscrypt cleanup` - Scans filesystem for unused policies/protectors
-*   A PAM module to support changing of login passphrase
+*   A PAM module to support login passphrase changes (see below)
 
 See the example usage section below or run `fscrypt COMMAND --help` for more
 information about each of the commands.
 
 ## Building
 
-### Release build instructions
-
 fscrypt is written in Go, so to build the program you will need to
 [setup Go](https://golang.org/doc/install),
 [setup your `GOPATH`](https://golang.org/doc/code.html#GOPATH), and clone the
 repository into the correct location by running:
 ```shell
-go get -u github.com/google/fscrypt
+go get github.com/google/fscrypt
 ```
 Alternatively, just copy or checkout the source into
 `$GOPATH/src/github.com/google/fscrypt` and run:
 ```shell
 go build github.com/google/fscrypt
 ```
-
-### Pre-release build instructions
-<!-- TODO(joerichey) remove these before release -->
-fscrypt is written in Go, so to build the program you will need to
-[setup Go](https://golang.org/doc/install),
-[setup your `GOPATH`](https://golang.org/doc/code.html#GOPATH), and clone the
-repository into the correct location by running
-```shell
-git clone REPOSITORY $GOPATH/fscrypt
-```
-or by unpacking a source tar file into `$GOPATH/fscrypt`.
-
 You will also want to add `$GOPATH/bin` to your `$PATH`.
 
 fscrypt has the following build dependencies:
@@ -150,8 +136,8 @@ fscrypt has the following build dependencies:
 
 Once this is setup, you can run `make fscrypt` to build the executable in the
 current directory. See the `Makefile` for instructions on building a static
-executable. If a Go project contains C code, the go compiler produces a
-dynamically linked binary by default.
+executable. The C libraries used by fscrypt will be dynamically linked by
+default.
 
 ## Running and Installing
 
@@ -167,6 +153,14 @@ Installing it just requires placing it in your path or running `make install`.
 Change `$GOBIN` to change the install location of fscrypt. By default,
 fscrypt is installed to `$GOPATH/bin`.
 
+## Note about stability
+fscrypt follows [semantic versioning](http://semver.org). As such, all versions
+below `1.0.0` should be considered development versions. This means no
+guarantees are make about the stability of APIs or formats of config files. As
+the on-disk metadata structures use
+[Protocol Buffers](https://github.com/google/protobuf), we don't expect to break
+backwards compatibility for metadata, but we give no guarantees.
+
 ## Example Usage
 
 All these examples assumes we have ext4 filesystems mounted at `/` and
@@ -515,7 +509,7 @@ running:
 fscrypt metadata change-passphrase --protector=MOUNTPOINT:ID
 ```
 
-#### I can still see Files/Filenames after running `fscrypt purge MOUNTPOINT`
+#### I can still see files or filenames after running `fscrypt purge MOUNTPOINT`
 
 You need to unmount `MOUNTPOINT` to clear the necessary caches. See
 `fscrypt purge --help` for more information
diff --git a/actions/callback.go b/actions/callback.go
index 2415d8c..f15893d 100644
--- a/actions/callback.go
+++ b/actions/callback.go
@@ -25,9 +25,9 @@ import (
 
 	"github.com/pkg/errors"
 
-	"fscrypt/crypto"
-	"fscrypt/filesystem"
-	"fscrypt/metadata"
+	"github.com/google/fscrypt/crypto"
+	"github.com/google/fscrypt/filesystem"
+	"github.com/google/fscrypt/metadata"
 )
 
 // ProtectorInfo is the information a caller will receive about a Protector
diff --git a/actions/config.go b/actions/config.go
index 1d81ff9..55010a5 100644
--- a/actions/config.go
+++ b/actions/config.go
@@ -28,12 +28,11 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
-
 	"golang.org/x/sys/unix"
 
-	"fscrypt/crypto"
-	"fscrypt/metadata"
-	"fscrypt/util"
+	"github.com/google/fscrypt/crypto"
+	"github.com/google/fscrypt/metadata"
+	"github.com/google/fscrypt/util"
 )
 
 // LegacyConfig indicates that keys should be inserted into the keyring with the
diff --git a/actions/context.go b/actions/context.go
index f8d0a3d..8bf0287 100644
--- a/actions/context.go
+++ b/actions/context.go
@@ -33,9 +33,9 @@ import (
 
 	"github.com/pkg/errors"
 
-	"fscrypt/crypto"
-	"fscrypt/filesystem"
-	"fscrypt/metadata"
+	"github.com/google/fscrypt/crypto"
+	"github.com/google/fscrypt/filesystem"
+	"github.com/google/fscrypt/metadata"
 )
 
 // Errors relating to Config files or Config structures.
diff --git a/actions/context_test.go b/actions/context_test.go
index 79adedf..a92ef34 100644
--- a/actions/context_test.go
+++ b/actions/context_test.go
@@ -21,12 +21,13 @@ package actions
 
 import (
 	"fmt"
-	"fscrypt/util"
 	"log"
 	"os"
 	"path/filepath"
 	"testing"
 	"time"
+
+	"github.com/google/fscrypt/util"
 )
 
 const testTime = 10 * time.Millisecond
diff --git a/actions/policy.go b/actions/policy.go
index ff61e8b..e755883 100644
--- a/actions/policy.go
+++ b/actions/policy.go
@@ -26,10 +26,10 @@ import (
 
 	"github.com/pkg/errors"
 
-	"fscrypt/crypto"
-	"fscrypt/filesystem"
-	"fscrypt/metadata"
-	"fscrypt/util"
+	"github.com/google/fscrypt/crypto"
+	"github.com/google/fscrypt/filesystem"
+	"github.com/google/fscrypt/metadata"
+	"github.com/google/fscrypt/util"
 )
 
 // Errors relating to Policies
diff --git a/actions/protector.go b/actions/protector.go
index 0409b56..5245951 100644
--- a/actions/protector.go
+++ b/actions/protector.go
@@ -26,8 +26,8 @@ import (
 
 	"github.com/pkg/errors"
 
-	"fscrypt/crypto"
-	"fscrypt/metadata"
+	"github.com/google/fscrypt/crypto"
+	"github.com/google/fscrypt/metadata"
 )
 
 // Errors relating to Protectors
diff --git a/actions/protector_test.go b/actions/protector_test.go
index eacba83..6c81d49 100644
--- a/actions/protector_test.go
+++ b/actions/protector_test.go
@@ -25,7 +25,7 @@ import (
 
 	"github.com/pkg/errors"
 
-	. "fscrypt/crypto"
+	"github.com/google/fscrypt/crypto"
 )
 
 const testProtectorName = "my favorite protector"
@@ -33,11 +33,11 @@ const testProtectorName2 = testProtectorName + "2"
 
 var errCallback = errors.New("bad callback")
 
-func goodCallback(info ProtectorInfo, retry bool) (*Key, error) {
-	return NewFixedLengthKeyFromReader(bytes.NewReader(timingPassphrase), len(timingPassphrase))
+func goodCallback(info ProtectorInfo, retry bool) (*crypto.Key, error) {
+	return crypto.NewFixedLengthKeyFromReader(bytes.NewReader(timingPassphrase), len(timingPassphrase))
 }
 
-func badCallback(info ProtectorInfo, retry bool) (*Key, error) {
+func badCallback(info ProtectorInfo, retry bool) (*crypto.Key, error) {
 	return nil, errCallback
 }
 
diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go
index cbf62ed..7724138 100644
--- a/cmd/fscrypt/commands.go
+++ b/cmd/fscrypt/commands.go
@@ -28,9 +28,9 @@ import (
 	"github.com/pkg/errors"
 	"github.com/urfave/cli"
 
-	"fscrypt/actions"
-	"fscrypt/filesystem"
-	"fscrypt/metadata"
+	"github.com/google/fscrypt/actions"
+	"github.com/google/fscrypt/filesystem"
+	"github.com/google/fscrypt/metadata"
 )
 
 // Setup is a command which can to global or per-filesystem initialization.
diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go
index 272160a..c698673 100644
--- a/cmd/fscrypt/errors.go
+++ b/cmd/fscrypt/errors.go
@@ -31,10 +31,10 @@ import (
 	"github.com/pkg/errors"
 	"github.com/urfave/cli"
 
-	"fscrypt/actions"
-	"fscrypt/filesystem"
-	"fscrypt/metadata"
-	"fscrypt/util"
+	"github.com/google/fscrypt/actions"
+	"github.com/google/fscrypt/filesystem"
+	"github.com/google/fscrypt/metadata"
+	"github.com/google/fscrypt/util"
 )
 
 // failureExitCode is the value fscrypt will return on failure.
diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go
index da3116f..16412bf 100644
--- a/cmd/fscrypt/flags.go
+++ b/cmd/fscrypt/flags.go
@@ -24,13 +24,14 @@ package main
 import (
 	"flag"
 	"fmt"
-	"fscrypt/actions"
 	"log"
 	"regexp"
 	"strconv"
 	"time"
 
 	"github.com/urfave/cli"
+
+	"github.com/google/fscrypt/actions"
 )
 
 // We define the types boolFlag, durationFlag, and stringFlag here instead of
diff --git a/cmd/fscrypt/format.go b/cmd/fscrypt/format.go
index 39cc71f..ef009d3 100644
--- a/cmd/fscrypt/format.go
+++ b/cmd/fscrypt/format.go
@@ -32,7 +32,7 @@ import (
 	"github.com/urfave/cli"
 	"golang.org/x/crypto/ssh/terminal"
 
-	"fscrypt/util"
+	"github.com/google/fscrypt/util"
 )
 
 var (
diff --git a/cmd/fscrypt/keys.go b/cmd/fscrypt/keys.go
index cecaa5b..820ddec 100644
--- a/cmd/fscrypt/keys.go
+++ b/cmd/fscrypt/keys.go
@@ -30,10 +30,10 @@ import (
 	"github.com/pkg/errors"
 	"golang.org/x/crypto/ssh/terminal"
 
-	"fscrypt/actions"
-	"fscrypt/crypto"
-	"fscrypt/metadata"
-	"fscrypt/pam"
+	"github.com/google/fscrypt/actions"
+	"github.com/google/fscrypt/crypto"
+	"github.com/google/fscrypt/metadata"
+	"github.com/google/fscrypt/pam"
 )
 
 // The file descriptor for standard input
diff --git a/cmd/fscrypt/prompt.go b/cmd/fscrypt/prompt.go
index 56dcf06..1b02280 100644
--- a/cmd/fscrypt/prompt.go
+++ b/cmd/fscrypt/prompt.go
@@ -28,8 +28,8 @@ import (
 	"strconv"
 	"strings"
 
-	"fscrypt/actions"
-	"fscrypt/metadata"
+	"github.com/google/fscrypt/actions"
+	"github.com/google/fscrypt/metadata"
 )
 
 const (
diff --git a/cmd/fscrypt/protector.go b/cmd/fscrypt/protector.go
index e77a2e3..f54d3a4 100644
--- a/cmd/fscrypt/protector.go
+++ b/cmd/fscrypt/protector.go
@@ -23,9 +23,9 @@ package main
 import (
 	"log"
 
-	"fscrypt/actions"
-	"fscrypt/filesystem"
-	"fscrypt/metadata"
+	"github.com/google/fscrypt/actions"
+	"github.com/google/fscrypt/filesystem"
+	"github.com/google/fscrypt/metadata"
 )
 
 // createProtector makes a new protector on either ctx.Mount or if the requested
diff --git a/cmd/fscrypt/setup.go b/cmd/fscrypt/setup.go
index 4f2375c..6433b0c 100644
--- a/cmd/fscrypt/setup.go
+++ b/cmd/fscrypt/setup.go
@@ -25,7 +25,7 @@ import (
 	"io"
 	"os"
 
-	"fscrypt/actions"
+	"github.com/google/fscrypt/actions"
 )
 
 // createGlobalConfig creates (or overwrites) the global config file
diff --git a/cmd/fscrypt/status.go b/cmd/fscrypt/status.go
index 049c370..9a8604d 100644
--- a/cmd/fscrypt/status.go
+++ b/cmd/fscrypt/status.go
@@ -29,9 +29,9 @@ import (
 
 	"github.com/pkg/errors"
 
-	"fscrypt/actions"
-	"fscrypt/filesystem"
-	"fscrypt/metadata"
+	"github.com/google/fscrypt/actions"
+	"github.com/google/fscrypt/filesystem"
+	"github.com/google/fscrypt/metadata"
 )
 
 // Creates a writer which correctly aligns tabs with the specified header.
diff --git a/crypto/crypto.go b/crypto/crypto.go
index 967243d..e66b0dd 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -51,8 +51,8 @@ import (
 	"github.com/pkg/errors"
 	"golang.org/x/crypto/hkdf"
 
-	"fscrypt/metadata"
-	"fscrypt/util"
+	"github.com/google/fscrypt/metadata"
+	"github.com/google/fscrypt/util"
 )
 
 // Crypto error values
diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index a3a2880..8b63457 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -30,7 +30,7 @@ import (
 	"os"
 	"testing"
 
-	. "fscrypt/metadata"
+	"github.com/google/fscrypt/metadata"
 )
 
 // Reader that always returns the same byte
@@ -50,12 +50,12 @@ func makeKey(b byte, n int) (*Key, error) {
 
 var fakeValidDescriptor = "0123456789abcdef"
 var fakeInvalidDescriptor = "123456789abcdef"
-var fakeSalt = bytes.Repeat([]byte{'a'}, SaltLen)
+var fakeSalt = bytes.Repeat([]byte{'a'}, metadata.SaltLen)
 var fakePassword = []byte("password")
 
-var fakeValidPolicyKey, _ = makeKey(42, PolicyKeyLen)
-var fakeInvalidPolicyKey, _ = makeKey(42, PolicyKeyLen-1)
-var fakeWrappingKey, _ = makeKey(17, InternalKeyLen)
+var fakeValidPolicyKey, _ = makeKey(42, metadata.PolicyKeyLen)
+var fakeInvalidPolicyKey, _ = makeKey(42, metadata.PolicyKeyLen-1)
+var fakeWrappingKey, _ = makeKey(17, metadata.InternalKeyLen)
 
 // As the passpharase hashing function clears the passphrase, we need to make
 // a new passphrase key for each test
@@ -68,25 +68,25 @@ func fakePassphraseKey() (*Key, error) {
 //    echo "password" | argon2 "aaaaaaaaaaaaaaaa" -id -t <t> -m <m> -p <p> -l 32
 // where costs.Time = <t>, costs.Memory = 2^<m>, and costs.Parallelism = <p>.
 type hashTestCase struct {
-	costs   *HashingCosts
+	costs   *metadata.HashingCosts
 	hexHash string
 }
 
 var hashTestCases = []hashTestCase{
 	{
-		costs:   &HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 1},
+		costs:   &metadata.HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 1},
 		hexHash: "a66f5398e33761bf161fdf1273e99b148f07d88d12d85b7673fddd723f95ec34",
 	},
 	{
-		costs:   &HashingCosts{Time: 10, Memory: 1 << 10, Parallelism: 1},
+		costs:   &metadata.HashingCosts{Time: 10, Memory: 1 << 10, Parallelism: 1},
 		hexHash: "5fa2cb89db1f7413ba1776258b7c8ee8c377d122078d28fe1fd645c353787f50",
 	},
 	{
-		costs:   &HashingCosts{Time: 1, Memory: 1 << 15, Parallelism: 1},
+		costs:   &metadata.HashingCosts{Time: 1, Memory: 1 << 15, Parallelism: 1},
 		hexHash: "f474a213ed14d16ead619568000939b938ddfbd2ac4a82d253afa81b5ebaef84",
 	},
 	{
-		costs:   &HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 10},
+		costs:   &metadata.HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 10},
 		hexHash: "b7c3d7a0be222680b5ea3af3fb1a0b7b02b92cbd7007821dc8b84800c86c7783",
 	},
 }
@@ -167,7 +167,7 @@ func TestZeroLength(t *testing.T) {
 // active when the variable changes.
 func TestEnableDisableMemoryLocking(t *testing.T) {
 	// Mlock on for creation, off for wiping
-	key, err := NewRandomKey(InternalKeyLen)
+	key, err := NewRandomKey(metadata.InternalKeyLen)
 	UseMlock = false
 	defer func() {
 		UseMlock = true
@@ -186,7 +186,7 @@ func TestEnableDisableMemoryLocking(t *testing.T) {
 func TestDisableEnableMemoryLocking(t *testing.T) {
 	// Mlock off for creation, on for wiping
 	UseMlock = false
-	key2, err := NewRandomKey(InternalKeyLen)
+	key2, err := NewRandomKey(metadata.InternalKeyLen)
 	UseMlock = true
 
 	if err != nil {
@@ -332,7 +332,7 @@ func TestWrapSucceeds(t *testing.T) {
 	if err = lengthCheck("IV", data.IV, aes.BlockSize); err != nil {
 		t.Error(err)
 	}
-	if err = lengthCheck("Encrypted Key", data.EncryptedKey, PolicyKeyLen); err != nil {
+	if err = lengthCheck("Encrypted Key", data.EncryptedKey, metadata.PolicyKeyLen); err != nil {
 		t.Error(err)
 	}
 	if err = lengthCheck("HMAC", data.Hmac, sha256.Size); err != nil {
@@ -370,11 +370,11 @@ func TestWrapUnwrapEqual(t *testing.T) {
 // Check that Unwrap(Wrap(x)) == x with random keys
 func TestRandomWrapUnwrapEqual(t *testing.T) {
 	for i := 0; i < 10; i++ {
-		wk, err := NewRandomKey(InternalKeyLen)
+		wk, err := NewRandomKey(metadata.InternalKeyLen)
 		if err != nil {
 			t.Fatal(err)
 		}
-		sk, err := NewRandomKey(InternalKeyLen)
+		sk, err := NewRandomKey(metadata.InternalKeyLen)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -388,7 +388,7 @@ func TestRandomWrapUnwrapEqual(t *testing.T) {
 
 // Check that Unwrap(Wrap(x)) == x with differing lengths of secret key
 func TestDifferentLengthSecretKey(t *testing.T) {
-	wk, err := makeKey(1, InternalKeyLen)
+	wk, err := makeKey(1, metadata.InternalKeyLen)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -430,7 +430,7 @@ func TestWrapTwiceDistinct(t *testing.T) {
 }
 
 // Attempts to Unwrap data with key after altering tweek, should fail
-func testFailWithTweek(key *Key, data *WrappedKeyData, tweek []byte) error {
+func testFailWithTweek(key *Key, data *metadata.WrappedKeyData, tweek []byte) error {
 	tweek[0]++
 	key, err := Unwrap(key, data)
 	if err == nil {
@@ -578,8 +578,8 @@ func BenchmarkUnwrapNolock(b *testing.B) {
 
 func BenchmarkRandomWrapUnwrap(b *testing.B) {
 	for n := 0; n < b.N; n++ {
-		wk, _ := NewRandomKey(InternalKeyLen)
-		sk, _ := NewRandomKey(InternalKeyLen)
+		wk, _ := NewRandomKey(metadata.InternalKeyLen)
+		sk, _ := NewRandomKey(metadata.InternalKeyLen)
 
 		testWrapUnwrapEqual(wk, sk)
 		// Must manually call wipe here, or test will use too much memory.
@@ -588,7 +588,7 @@ func BenchmarkRandomWrapUnwrap(b *testing.B) {
 	}
 }
 
-func benchmarkPassphraseHashing(b *testing.B, costs *HashingCosts) {
+func benchmarkPassphraseHashing(b *testing.B, costs *metadata.HashingCosts) {
 	b.StopTimer()
 
 	pk, err := fakePassphraseKey()
@@ -609,25 +609,25 @@ func benchmarkPassphraseHashing(b *testing.B, costs *HashingCosts) {
 
 func BenchmarkPassphraseHashing_1MB_1Thread(b *testing.B) {
 	benchmarkPassphraseHashing(b,
-		&HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 1})
+		&metadata.HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 1})
 }
 
 func BenchmarkPassphraseHashing_1GB_1Thread(b *testing.B) {
 	benchmarkPassphraseHashing(b,
-		&HashingCosts{Time: 1, Memory: 1 << 20, Parallelism: 1})
+		&metadata.HashingCosts{Time: 1, Memory: 1 << 20, Parallelism: 1})
 }
 
 func BenchmarkPassphraseHashing_128MB_1Thread(b *testing.B) {
 	benchmarkPassphraseHashing(b,
-		&HashingCosts{Time: 1, Memory: 1 << 17, Parallelism: 1})
+		&metadata.HashingCosts{Time: 1, Memory: 1 << 17, Parallelism: 1})
 }
 
 func BenchmarkPassphraseHashing_128MB_8Thread(b *testing.B) {
 	benchmarkPassphraseHashing(b,
-		&HashingCosts{Time: 1, Memory: 1 << 17, Parallelism: 8})
+		&metadata.HashingCosts{Time: 1, Memory: 1 << 17, Parallelism: 8})
 }
 
 func BenchmarkPassphraseHashing_128MB_8Pass(b *testing.B) {
 	benchmarkPassphraseHashing(b,
-		&HashingCosts{Time: 8, Memory: 1 << 17, Parallelism: 1})
+		&metadata.HashingCosts{Time: 8, Memory: 1 << 17, Parallelism: 1})
 }
diff --git a/crypto/key.go b/crypto/key.go
index 2394eef..6781c1d 100644
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -31,11 +31,10 @@ import (
 	"unsafe"
 
 	"github.com/pkg/errors"
-
 	"golang.org/x/sys/unix"
 
-	"fscrypt/metadata"
-	"fscrypt/util"
+	"github.com/google/fscrypt/metadata"
+	"github.com/google/fscrypt/util"
 )
 
 const (
diff --git a/crypto/recovery_test.go b/crypto/recovery_test.go
index 3e3a50f..4a89e6d 100644
--- a/crypto/recovery_test.go
+++ b/crypto/recovery_test.go
@@ -23,8 +23,9 @@ package crypto
 import (
 	"bytes"
 	"fmt"
-	"fscrypt/metadata"
 	"testing"
+
+	"github.com/google/fscrypt/metadata"
 )
 
 const fakeSecretRecoveryCode = "EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJQ="
diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index 960c06f..a85d24a 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go
@@ -44,8 +44,8 @@ import (
 	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 
-	"fscrypt/metadata"
-	"fscrypt/util"
+	"github.com/google/fscrypt/metadata"
+	"github.com/google/fscrypt/util"
 )
 
 // Filesystem error values
diff --git a/filesystem/filesystem_test.go b/filesystem/filesystem_test.go
index bcf4f38..16bf82b 100644
--- a/filesystem/filesystem_test.go
+++ b/filesystem/filesystem_test.go
@@ -27,43 +27,43 @@ import (
 
 	"github.com/pkg/errors"
 
-	. "fscrypt/crypto"
-	. "fscrypt/metadata"
-	. "fscrypt/util"
+	"github.com/google/fscrypt/crypto"
+	"github.com/google/fscrypt/metadata"
+	"github.com/google/fscrypt/util"
 )
 
 var (
-	fakeProtectorKey, _    = NewRandomKey(InternalKeyLen)
-	fakePolicyKey, _       = NewRandomKey(PolicyKeyLen)
-	wrappedProtectorKey, _ = Wrap(fakeProtectorKey, fakeProtectorKey)
-	wrappedPolicyKey, _    = Wrap(fakeProtectorKey, fakePolicyKey)
+	fakeProtectorKey, _    = crypto.NewRandomKey(metadata.InternalKeyLen)
+	fakePolicyKey, _       = crypto.NewRandomKey(metadata.PolicyKeyLen)
+	wrappedProtectorKey, _ = crypto.Wrap(fakeProtectorKey, fakeProtectorKey)
+	wrappedPolicyKey, _    = crypto.Wrap(fakeProtectorKey, fakePolicyKey)
 )
 
 // Gets the mount corresponding to the integration test path.
 func getTestMount() (*Mount, error) {
-	mountpoint, err := TestPath()
+	mountpoint, err := util.TestPath()
 	if err != nil {
 		return nil, err
 	}
 	mnt, err := GetMount(mountpoint)
-	return mnt, errors.Wrapf(err, TestEnvVarName)
+	return mnt, errors.Wrapf(err, util.TestEnvVarName)
 }
 
-func getFakeProtector() *ProtectorData {
-	return &ProtectorData{
+func getFakeProtector() *metadata.ProtectorData {
+	return &metadata.ProtectorData{
 		ProtectorDescriptor: "fedcba9876543210",
 		Name:                "goodProtector",
-		Source:              SourceType_raw_key,
+		Source:              metadata.SourceType_raw_key,
 		WrappedKey:          wrappedProtectorKey,
 	}
 }
 
-func getFakePolicy() *PolicyData {
-	return &PolicyData{
+func getFakePolicy() *metadata.PolicyData {
+	return &metadata.PolicyData{
 		KeyDescriptor: "0123456789abcdef",
-		Options:       DefaultOptions,
-		WrappedPolicyKeys: []*WrappedPolicyKey{
-			&WrappedPolicyKey{
+		Options:       metadata.DefaultOptions,
+		WrappedPolicyKeys: []*metadata.WrappedPolicyKey{
+			&metadata.WrappedPolicyKey{
 				ProtectorDescriptor: "fedcba9876543210",
 				WrappedKey:          wrappedPolicyKey,
 			},
@@ -124,15 +124,15 @@ func TestAddProtector(t *testing.T) {
 	}
 
 	// Change the source to bad one, or one that requires hashing costs
-	protector.Source = SourceType_default
+	protector.Source = metadata.SourceType_default
 	if mnt.AddProtector(protector) == nil {
 		t.Error("bad source for a descriptor should make metadata invalid")
 	}
-	protector.Source = SourceType_custom_passphrase
+	protector.Source = metadata.SourceType_custom_passphrase
 	if mnt.AddProtector(protector) == nil {
 		t.Error("protectors using passphrases should require hashing costs")
 	}
-	protector.Source = SourceType_raw_key
+	protector.Source = metadata.SourceType_raw_key
 
 	// Use a bad wrapped key
 	protector.WrappedKey = wrappedPolicyKey
@@ -168,11 +168,11 @@ func TestAddPolicy(t *testing.T) {
 		t.Error("padding not a power of 2 should make metadata invalid")
 	}
 	policy.Options.Padding = 16
-	policy.Options.Filenames = EncryptionOptions_default
+	policy.Options.Filenames = metadata.EncryptionOptions_default
 	if mnt.AddPolicy(policy) == nil {
 		t.Error("encryption mode not set should make metadata invalid")
 	}
-	policy.Options.Filenames = EncryptionOptions_AES_256_CTS
+	policy.Options.Filenames = metadata.EncryptionOptions_AES_256_CTS
 
 	// Use a bad wrapped key
 	policy.WrappedPolicyKeys[0].WrappedKey = wrappedProtectorKey
diff --git a/metadata/checks.go b/metadata/checks.go
index 074d79e..4fe4531 100644
--- a/metadata/checks.go
+++ b/metadata/checks.go
@@ -23,7 +23,7 @@ import (
 	"github.com/golang/protobuf/proto"
 	"github.com/pkg/errors"
 
-	"fscrypt/util"
+	"github.com/google/fscrypt/util"
 )
 
 var errNotInitialized = errors.New("not initialized")
diff --git a/metadata/policy.go b/metadata/policy.go
index 259fe04..533d48a 100644
--- a/metadata/policy.go
+++ b/metadata/policy.go
@@ -30,7 +30,7 @@ import (
 	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 
-	"fscrypt/util"
+	"github.com/google/fscrypt/util"
 )
 
 // Encryption specific errors
diff --git a/metadata/policy_test.go b/metadata/policy_test.go
index 58e19d7..cc6b36f 100644
--- a/metadata/policy_test.go
+++ b/metadata/policy_test.go
@@ -26,7 +26,7 @@ import (
 	"reflect"
 	"testing"
 
-	. "fscrypt/util"
+	"github.com/google/fscrypt/util"
 )
 
 const goodDescriptor = "0123456789abcdef"
@@ -38,12 +38,13 @@ var goodPolicy = &PolicyData{
 
 // Creates a temporary directory for testing.
 func createTestDirectory() (directory string, err error) {
-	baseDirectory, err := TestPath()
+	baseDirectory, err := util.TestPath()
 	if err != nil {
 		return
 	}
 	if s, err := os.Stat(baseDirectory); err != nil || !s.IsDir() {
-		return "", fmt.Errorf("%s: %q is not a valid directory", TestEnvVarName, baseDirectory)
+		return "", fmt.Errorf("%s: %q is not a valid directory",
+			util.TestEnvVarName, baseDirectory)
 	}
 
 	directoryPath := filepath.Join(baseDirectory, "test")
diff --git a/pam/login.go b/pam/login.go
index d80d719..2d79223 100644
--- a/pam/login.go
+++ b/pam/login.go
@@ -37,8 +37,8 @@ import (
 
 	"github.com/pkg/errors"
 
-	"fscrypt/crypto"
-	"fscrypt/util"
+	"github.com/google/fscrypt/crypto"
+	"github.com/google/fscrypt/util"
 )
 
 // Global state is needed for the PAM callback, so we guard this function with a
diff --git a/vendor/vendor.json b/vendor/vendor.json
index b634b0a..69422b7 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -3,6 +3,18 @@
 	"ignore": "test",
 	"package": [
 		{
+			"path": "fscrypt/crypto",
+			"revision": ""
+		},
+		{
+			"path": "fscrypt/metadata",
+			"revision": ""
+		},
+		{
+			"path": "fscrypt/util",
+			"revision": ""
+		},
+		{
 			"checksumSHA1": "APDDi2ohrU7OkChQCekD9tSVUhs=",
 			"path": "github.com/golang/protobuf/jsonpb",
 			"revision": "2bba0603135d7d7f5cb73b2125beeda19c09f4ef",
@@ -45,5 +57,5 @@
 			"revisionTime": "2017-05-29T13:44:53Z"
 		}
 	],
-	"rootPath": "fscrypt"
+	"rootPath": "github.com/google/fscrypt"
 }
author	Joe Richey joerichey@google.com <joerichey@google.com>	2017-06-28 13:57:55 -0700
committer	Joe Richey joerichey@google.com <joerichey@google.com>	2017-06-28 15:15:21 -0700
commit	2c52eca8727df744d093703bbcbd87fc39d57d30 (patch)
tree	ce733819f34baacbb67d5dabb5baaa01c6888e9d
parent	abdd12ff9efa98af245b91517398ad84b42fd90e (diff)